1. Field Of The Invention
The present invention relates to techniques for managing network access and was developed by paying particular attention to the possible use in access control and remote management of configuration data in access gateways permitting interaction between local area networks (LANs) and wide area networks (WANs) such as the Internet. Specifically, the invention relates to techniques for operating, by means of a smart card (SC) under the control of a management system, an access gateway between a local area network (LAN) and a wide area network (WAN).
2. Description Of The Related Art
Configuring and maintaining wideband network access apparatus such as so-called customer premise equipment or CPE may entail significant problems and corresponding costs for system providers, these being primarily related to the possible need of direct intervention by technical personnel at the clients' premises.
Self-installation and self-configuration tools may facilitate and reduce provisioning costs. However, these tools may not be adapted to properly take into account modifications, both deliberate and unintentional, that the client may introduce in the configuration of its access gateway. Moreover, in the case of a failure in the access gateway, the self-configuration tools are usually unable to permit the previous configuration to be completely restored. This applies primarily to those parameters that were personalized by the client (for instance specific configuration parameters related to the home network and the LAN interface).
Another problem has to be tackled by a system provider in managing access gateway configuration: while wishing to give the client the possibility of personalizing certain parameters (for instance the LAN interface configuration, the firewalling rules, and so on), the need exists to prevent undesired access and modifications to the parameters on the wide area network side, which may lead to the service profile being modified. This applies primarily to information such as User ID and password, in order to avoid fraudulent and/or unauthorized use (for instance on other access gateways or for other unqualified products).
From WO-A-02/080515 a system and method are known for configuring network access equipment by utilizing a data storage card or a smart card in response to a request for service from a subscriber to a network application service provider. The system includes a card writer for writing configuration data from the application service provider to the card, and a card reader for downloading the configuration settings into the network access equipment from the card. The card may also include provisions for authentication and non-repudiation of service configurations received via a public key cryptography system.
In U.S. 2002/0104016A1 a network router is disclosed adapted for coupling a LAN to a WAN such as the Internet or an intranet. The router in question includes a smart card device for receiving and reading a smart card. The smart card includes information needed for permitting the router to access the Internet or intranet, such as an access phone number, an encryption key, configuration data and an ID and password. A specified security level can also be stored within the information on the smart card to restrict such access.